WASHINGTON  D.C. 


Too  many  alerts? 


DO  YOU  NEED 
A SECURITY 
ORCHESTRATION 
AND  AUTOMATION 
PLATFORM? 


|JP 


Unintegrated  tools? 


up  ip 


Not  enough  people? 


o 
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Get  Komand 


Visit  Komand  in  the  sponsor  area 

to  learn  how  our  security  orchestration  and  automation 

>IOMAND 

platform  will  help  you  do  more,  stress  less,  and  respond 

www.komand.com 

to  threats  faster  than  ever  before 

weLcome  to  ssroes  oci 

This  year  marks  our  fourth  annual  event  here  in  Washington  DC!  This  weekend  you  wii.  e\rer:ence  the  culmination  of 
twelve  months  of  hard  work  by  the  local  members  of  the  information  security  community  to  rr:r.g  you  an  event  worthy  of 
the  BSides  name.  We  present  to  you  three  days  crammed  with  speakers,  training,  networking,  ^er  and  the  very  first  track 
for  kids!  We  strive  for  an  open  atmosphere  of  learning,  sharing,  collaboration,  and  r^rcipation  amongst  infosec 
professionals  of  ALL  levels  of  experience  across  a wide  range  of  disciplines  and  backgrour*  So,  with  no  further  ado, 
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BLU6  This  badge  will  be  issued  to  all  Hacker  < Thief ) Class  Attendees.  Rouges’  All  of  them! 

ORBnOB  If  you  see  this  badge,  you  are  in  the  presence  of  a Le\el  42  Wizard  of  Organization.  The  holders  of  this 
badge  are  well  known  for  their  Charisma.  Dexterity  with  Powerpoinu  and  melee  combat  prowess.  Should 
they  issue  an  order,  all  are  expected  to  obey . 

BSD  Respect  the  Paladins  that  are  identified  by  the  red  . - - “ish  ability  is  unparalled 

and  they  are  especially  effective  at  fighting  undeac  rr  . * _ ..  ’ 'd  yourself  needing  back  up 

in  that  area. 


Our  Volunteer  Scouts  should  be  consulted  if  y ou  need  ~ >:an ce. 


WHITS 


BLOCK 


PB8SS 


Our  speakers  wear  the  White  Bard  Badge  of 
Knowledge.  Be  sure  to  thank  them  for  sharing  their 
knowledge  this  weekend. 

Our  sponsors  are  what  makes  this  event  possible. 
These  individuals  have  contributed  much  to  make 
this  event  a reality. 

You  probably  won’t  see  a black  badge.  Why? 

These  are  the  ninjas.  They  are  highly  skilled  and 
usually  invisible.  If  you  do  happen  to  see  one,  w ell, 
good  luck  with  that. 

'nuff  said. 


PRinciPLes  5 vsluss 


We  don't  think  this  should  be  too  complicated.  Conduct  of  all  who  participate  in  our  community  should  be  based  on  open  dialog,  a 
willingness  to  learn,  and  helping  each  other  out.  For  Security  B-Sides  DC,  our  rules  of  conduct,  principles,  and  values  are  listed  here. 

conoucT-  We  believe  that  there  are  simple  rules  for  governance  at  any  meeting  of  people  striving  to  be  a community: 

1.  Don't  be  an  asshole. 

2.  Be  willing  to  learn. 

3.  Be  willing  to  share. 

4.  Be  willing  to  help. 

5.  Be  willing  to  listen. 

6.  Accept  criticism. 

7.  Be  kind. 

B-Sides  DC  is  not  an  elementary  school.  It's  not  a land  full  of  rainbows  and  unicorns.  Neither  is  it  hell  on  earth.  If  you  believe 
someone  is  misbehaving,  acting  inappropriately,  or  acting  illegally,  start  by  talking  to  that  person.  Confirm  your  perspective.  If  you 
are  unable,  or  unwilling,  to  do  that,  that's  OK  — find  a B-Sides  DC  Staff  member  and  talk  to  them. 

PRiriCIPLeS  - Security  B-Sides  operates  under  three  simple  principles: 

1 . Expand  the  conversation. 

2.  Enable  people  to  join  the  discussion. 

3.  Get  people  involved. 

B-Sides  DC  supports  those  principles  as  part  of  our  regional  B-Sides  operation.  What  that  means  is  that  B-Sides  DC  is  your 
conference.  It  is  up  to  everyone  involved  to  make  it  happen,  to  engage  in  the  debates,  to  speak  up  and  give  voice  to  the  issues. 
Feedback  to  the  organizers  is  always  welcome. 

V8LUeS  - Each  B-Sides  is  a community-driven  framework  for  building  events  for,  and  by,  information  security  professionals.  The 
goal  is  to  expand  the  spectrum  of  conversation  beyond  the  traditional  confines  of  space  and  time.  B-Sides  creates  opportunities  for 
individuals  to  both  present  and  participate  in  an  intimate  atmosphere  that  encourages  collaboration.  It  is  an  intense  event  with 
discussions,  demos,  and  interaction  from  participants.  It  is  where  conversations  for  the  next  big  thing  are  happening. 

We  value 

• We  lower  the  barriers  for  people  to  participate. 

• We  involve  people  in  organizing  the  events,  to  help  them  participate,  involve  a diversity  of  input,  and  teach  a new  generation 
of  organizers. 

• We  build  and  use  tools  that  enable  greater  participation,  share  ideas,  and  enable  others  to  share  the  magic  we  collectively 
create.  We  share  our  work  openly. 

• We  help  grow  the  community,  because  a stronger  group  helps  everyone  involved. 

We  participate 

• There  are  no  bystanders. 

• We  all  participate  in  different  ways,  including:  audience,  speakers,  organizers,  sponsors,  volunteers. 

• We  encourage  everyone  to  share  their  skills,  expertise,  and  talent. 

We  steward 

• We  make  decisions  that  strengthen  the  brand  for  everyone,  not  just  oursehes. 

• We  remember  that  we  are  not  owners  of  the  brand,  or  the  e\ent.  but  simpK  caretakers  that  carry  the  torch  for  a period  of 
time,  until  we  pass  it  to  others. 

• We  treat  others  with  grace  and  respect  at  all  times. 


FRfoav  si  acToser?  seis 


Binary  Reverse 
Engineering  for 
Beginners 

(Benjamin  Demick, 
Michael  Schroeder, 

Malachi  Jones, 
Allen  Hazelton) 


SANS  Net  Wars 
Tournament 


SANS  NetWars 
Tournament 


can  you  caTCH  THem  au.? 
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saTURDaY  as  octobsr  201s 
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General 

Hall 

Hall 
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Track  1 

Track  2 
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8:00  AM 

9:00  AM 

Welcome 

Welcome 

Alex  Norman  & Bob  Weiss 

A lex  Norman  & Bob  Weiss 

(15  Minutes) 

(15  Minutes) 

9:15  AM 

KEYNOTE 

KEYNOTE 

BSidesDC 

Marcia  Hoffman 

Marcia  Hoffman 

Wireless 

Lockpick 

(45  Minutes) 

(45  Minutes) 

Registration 

Capture 

Village 

10:00 

Morning  Break 

Morning  Break 

the 

(30  Minutes) 

(30  Minutes) 

& 

Flag 

10:30 

WCTF  Magic  as  Told  by  a 
Clumsy  Magician 

CryptKids  Keynote 

(WCTF) 

& 

Timothy  Allmon 

Liam  Randall 

Storefront 

2nd  Annual 

(50  Minutes) 

(50  Minutes) 

BSidesDC 

IOT  Village 

Vulnerability  Management 

Detecting  Malicious 

Systems  Flawed  - Leaving 

Websites  Using  Machine 

Storefront 

CryptKids  Con 

11:30 

Your  Enterprise  at  High  Risk 

Learning 

Ajit  Thyagarajan,  Andrew 

Gordon  MacKay 

Beard 

(50  Minutes) 

(50  Minutes) 

12:30 

LUNCH 

LUNCH 

Catered  Lunch  in  the 

Catered  Lunch  in  the 

Conference  Space  Provided 

Conference  Space  Provided  by 

by  ENDGAME 

ENDGAME 

(1  Hour) 

(1  Hour) 

Powershell  Security: 

Applying  Data  Science  to 

Defending  the  Enterprise 

Identify  Malicious  Actors  in 

From  the  Latest  Attack 

1:30 

Enterprise  Logs 

Platform 

Balaji  Balakrishnan 

Sean  Metcalf 

(50  Minutes) 

(50  Minutes) 

Attacking  Patient  Health: 
The  Anatomy  of  Hospital 

Beyond  Automated  Testing 

2:30 

Exploitation 

Zachary  Meyers  & Andrew 

Jacob  Holcomb 

McNicol 

(50  Minutes) 

(50  Minutes) 

3:30 

Adversarial  Post- 
Exploitation:  Lessons  From 
the  Pros 

How  to  Join  the  Infosec 
Community 

Justin  Warner  & 

Chris  Ross 

Micah  Hoffman 

(50  Minutes) 

(50  Minutes) 

4:30 

Act  and  Think  Like  an 
Epidemiologist  to  Combat 
Digital  Diseases 

Abusing  Windows  With 
Powershell  and  Microsoft 
Debuggers  in  User-land  and 
Kernel-land 

Efrain  Ortiz 

Pierre-Alexandre  Braeken 

(50  Minutes) 

(50  Minutes) 

saTusoaY  22  ocToaej?  201s  - TRainins 


Mount  Vernon  B 
Training  2 


Meeting  Room  15 
Training  3 


Meeting  Room  16 
Training  4 


Cyber  Security 

Exercise  CTF 

Building  Blocks: 

presented  by 

The  Security 

Symantec 

Analyst's  Toolbox 

Point  3 Cyber  A3  CTF 

Kerry  Hazelton 

0900-1600 

0900-1600 

0900-1600 

sunoaY  23  ocToaer?  201s  - TRaimns 


sunoay  S3  o eraser?  201s  - TRainins 


Grand  South 

Grand  Central 

General 

Congressional 

Hall 

Congressional 

Hall 

Track  1 

Track  2 

B 

A 

8:00  AM 

9:00 

21st  Century  War  Stories 

YAYA  (Yet  Another  Yara 
Allocution) 

Ben  Turner 

John  Loycock  & Monty  St.  John 

(50  Minutes) 

(50  Minutes) 

10:00 

Morning  Break 

Morning  Break 

BSidesOC 

(30  Minutes) 

(30  Minutes) 

Wireless 

Lockpick 

10:30 

A Hacker's  Guide  to  Usability 
Testing 

Cyber  Threats  and  Russian 
Information  and  Electronic 

Warfare 

Registration 

Capture 

Village 

Greg  Norcie 

Paul  Joyal 

& 

the 

(50  Minutes) 

(50  Minutes) 

Flag 

11:30 

LUNCH 

LUNCH 

Storefront 

(WCTF) 

& 

(1  Hour) 

(1  Hour) 

IOT  Village 

12:30 

Tales  From  the  Crypt... 
(Analyst) 

Tipping  the  Scales  Back  in  Our 
Favour 

Storefront 

Jeff  Mon 

Rene  Aguero 

(50  Minutes) 

(50  Minutes) 

1:30 

"Knowing  the  Enemy"  - 
Creating  a Cyber  Threat  Actor 
Attribution  Program 

Practical  Cyborgism:  Getting 
Started  with  Machine  Learning  for 
Incident  Detection 

Jack  Johnson 

David  Bianco  & Chris  McCubbin 

(50  Minutes) 

(50  Minutes) 

2:30 

A Notational  Framework  for 
Applying  Antifragile  Thinking  to 
the  RMF-Growing  Stronger 
Through  Compromise 

Joe  Klein 

Users  and  Cloud  Collide: 
Understanding  Threat  Vectors  in 
the  Enterprise  Cloud  Environment 

Ron  Zalkind 

(50  Minutes) 

(50  Minutes) 

3:30 

What's  the  Big  Deal  with 
Assessing  ICS/SCADA 

Tails  of  Fails  and  Tools  for 
Message  Integrity 

Jim  Gilsinn 

Jacob  Thompson 

(50  Minutes) 

(50  Minutes) 

4:30 

Closing  Remarks 

Closing  Remarks 

(30  Minutes) 

(30  Minutes) 

MEETING  ROOM  LEVEL 


FRANKLIN  SQUARE 


MOUNT  VERNON 

SQUARE  ROOM 


THanfc  you  to  sophos  pop  ooname  THeie  tcch  kit  to  twe  event! 
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pop  me  use  op  thsip  paorosi 
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Toool  DC 


VILLAGE 


Wireless 

VILLAGE 


independent  security  evaluators 


g^antietam 

THanKSTO  technologies  INC  rOP  SPOnSOPfHG  COPPee ! 


THanKS  TO 


ENDGAME 


pop  sponsoprnG  LuncH. 


ano  a specraL  THarwc  you  to  am.  oub  PLannms  commiTToe  memaeps! 


co-orpecTOPs 

Alex  Norman  & Robert  Weiss 

commrrree  cHaras 

Dorann  Norman  - Finance  Brett  Thorson  & Alexander  Romero  - Video 

Angelo  Capili  - Sponsorship  Kellop  Charles  - Photography 

Jim  Gilsinn  & Corey  Sinay  - Infrastructure  Seth  Feldman  - CFP 

Preston  Thomas  - Locksport  Jenny  Bond  - Crypt  Kids  and  Art  & Design 

Nathaniel  Davis,  Joanne  Venema,  ForgOtten  - Volunteer  Coordinators 

coirunnree  ineinBej?s 

Jim  Elliott  Derek  Rogillio  Mick  Baccio  Dave  Cafaro 


join  us  pop  tug  Bsioesac  sftggpsigty  st  ths  iponHosse  Taproom 


507  7th  STPeeT  nw 
wasHtneTon,  oc  20004 
saTUPoav  as  octobop  201s 
7:00  PIT! 


sponsopeo  by: 

* Altus  Consulting 


sponsors 

Events  cost  money  and  we  desire  that  very  little  of  these  costs  be  shouldered  by  the  attendees.  As  with  many 
security  BSides,  our  goal  is  to  provide  you  with  a fantastic,  educational,  fun  filled  weekend  of  information 
security  knowledge  sharing  and  community  building  at  the  lowest  barrier  to  entry  possible.  We  give  a shout  out 
to  our  sponsors  who  have  made  this  event  possible  for  you: 

-enGBGinG  thb  auoienee- 


OMAND 


redhat 


EBOve  sno  seyono 


ill1 

IT 

■ 

1L 

m 

r ■ T 

.11 

J /MfiVlUM  sialiKMTi  'ima. sr 


g AR5J5A  ENDGAME. 
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tenable 

network  security 


antietam  UPLEV£L 

TECHNOLOGIES.  I“" 

Cleared  Jobs® 


paloalto 

networks. 


Altus  Consulting  >. 

W 1 <5§>FireEye 

^ Symantec.  ^ iiai  i a ki  t 

Point 3 VALIANT 


VENCORE 
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SOLUTIONS 


DEFENSE  POINT 
SECURITY 
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SYSTEM  1,  INC. 


WarCnllar 
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O Binary  Guard 

jffiMjlsYNCURITY  IfK  ENEXIS 


WASHINGTON  D.C. 


■manic  you  for  comma!  see  you  next  Yeaw 


info@bsidesdc.ori: 

sponsor@bsidesc^ 


BSidesDC 


j Bv.desDC 


